From 1465590626cf0e3db0cf7b4ea8a315908b3cecbe Mon Sep 17 00:00:00 2001
From: Thijs Kinkhorst
Date: Tue, 15 Aug 2023 14:01:55 +0000
Subject: [PATCH] Remove MellonIdPPublicKeyFile option
It was only used when you compiled Mellon with Lasso < 2.4, last released in 2014, so was in practice not usable. However this was not clear from the documentation. Generalise the handling of obsolete options: keep them a no-op but log a startup notice when encountered. This now also applies to the earlier removed MellonDecoder option.
Closes: #125
---
 README.md | 7 -------
 auth_mellon.h | 1 -
 auth_mellon_config.c | 23 ++++++++++-------------
 auth_mellon_diagnostics.c | 2 --
 auth_mellon_handler.c | 5 ++---
 doc/user_guide/mellon_user_guide.adoc | 10 ----------
 6 files changed, 12 insertions(+), 36 deletions(-)
diff --git a/README.md b/README.md
index 549b0fc..d5f95c7 100644
--- a/README.md
+++ b/README.md
@@ -477,13 +477,6 @@ MellonDiagnosticsEnable Off
 # Default: None set.
 #MellonIdPMetadataGlob /etc/apache2/mellon/*-metadata.xml
- # MellonIdpPublicKeyFile is the full path of the public key of the
- # IdP. This parameter is optional if the public key is embedded
- # in the IdP's metadata file, or if a certificate authority is
- # used. This parameter cannot be used if multiple IdP are configured.
- # Default: None set.
- MellonIdPPublicKeyFile /etc/apache2/mellon/idp-public-key.pem
-
 # MellonIdPCAFile is the full path to the certificate of the
 # certificate authority. This can be used instead of an
 # certificate for the IdP.
diff --git a/auth_mellon.h b/auth_mellon.h
index c9e2748..a90db97 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -266,7 +266,6 @@ typedef struct am_dir_cfg_rec {
 am_file_data_t *sp_private_key_file;
 am_file_data_t *sp_cert_file;
 apr_array_header_t *idp_metadata;
- am_file_data_t *idp_public_key_file;
 am_file_data_t *idp_ca_file;
 GList *idp_ignore;
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index e18bcb0..3c81cd5 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -647,8 +647,8 @@ static const char *am_set_secure_slots(cmd_parms *cmd,
 return NULL;
 }
-/* This function handles the obsolete MellonDecoder configuration directive.
- * It is a no-op.
+/* This function handles the obsolete configuration directives.
+ * It is a no-op but logs a warning on startup.
 *
 * Parameters:
 * cmd_parms *cmd The command structure for this configuration
@@ -660,10 +660,13 @@ static const char *am_set_secure_slots(cmd_parms *cmd,
 * Returns:
 * NULL
 */
-static const char *am_set_decoder_slot(cmd_parms *cmd,
+static const char *am_set_obsolete_option(cmd_parms *cmd,
 void *struct_ptr,
 const char *arg)
 {
+ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, cmd->server,
+ "Obsolete option %s set which has no effect",
+ cmd->cmd->name);
 return NULL;
 }
@@ -1394,7 +1397,7 @@ const command_rec auth_mellon_commands[] = {
 ),
 AP_INIT_TAKE1(
 "MellonDecoder",
- am_set_decoder_slot,
+ am_set_obsolete_option,
 NULL,
 OR_AUTHCFG,
 "Obsolete option, now a no-op for backwards compatibility."
@@ -1591,10 +1594,10 @@ const command_rec auth_mellon_commands[] = {
 ),
 AP_INIT_TAKE1(
 "MellonIdPPublicKeyFile",
- am_set_file_pathname_slot,
- (void *)APR_OFFSETOF(am_dir_cfg_rec, idp_public_key_file),
+ am_set_obsolete_option,
+ NULL,
 OR_AUTHCFG,
- "Full path to pem file with the public key for the IdP."
+ "Obsolete option, now a no-op for backwards compatibility."
 ),
 AP_INIT_TAKE1(
 "MellonIdPCAFile",
@@ -1863,7 +1866,6 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
 dir->sp_private_key_file = NULL;
 dir->sp_cert_file = NULL;
 dir->idp_metadata = apr_array_make(p, 0, sizeof(am_metadata_t));
- dir->idp_public_key_file = NULL;
 dir->idp_ca_file = NULL;
 dir->idp_ignore = NULL;
 dir->login_path = default_login_path;
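Review bot: The comment added in the `@@ -647` hunk says the handler "logs a warning on startup", but the `ap_log_error` call added in the `@@ -660` hunk uses `APLOG_NOTICE`, and both directives routed to it are registered with `OR_AUTHCFG`. If that override class lets them appear in per-directory override files as well, the handler would also run while requests are processed and repeat the line on each parse rather than once at startup; this is worth confirming. I would word the comment as `* It is a no-op but logs a notice each time the directive is parsed.` and include the location so a stale directive can be found, e.g. `"Obsolete option %s at %s:%d has no effect", cmd->cmd->name, cmd->directive->filename, cmd->directive->line_num`. The middle of the comment block lies between the two hunks and is not visible here.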
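Review bot: In the `@@ -1591` hunk, `MellonIdPPublicKeyFile` named the key used to trust the IdP, yet a configuration that still sets it now loads with only the generic notice, which does not say where the IdP key is taken from instead. The README text removed by this patch says the key may be embedded in the IdP metadata or covered by a certificate authority, so the help string could state that, e.g. `"Obsolete and ignored; the IdP key is taken from the IdP metadata or MellonIdPCAFile."`. That points an administrator who relied on this directive to pin a key at the settings that now decide trust. The `auth_mellon_commands` table starts and ends outside this hunk.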
@@ -1916,7 +1918,6 @@ static bool cfg_can_inherit_lasso_server(const am_dir_cfg_rec *add_cfg)
 || add_cfg->sp_cert_file != NULL)
 return false;
 if (add_cfg->idp_metadata->nelts > 0
- || add_cfg->idp_public_key_file != NULL
 || add_cfg->idp_ca_file != NULL
 || add_cfg->idp_ignore != NULL)
 return false;
@@ -2066,10 +2067,6 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
 add_cfg->idp_metadata :
 base_cfg->idp_metadata);
- new_cfg->idp_public_key_file = (add_cfg->idp_public_key_file ?
- add_cfg->idp_public_key_file :
- base_cfg->idp_public_key_file);
-
 new_cfg->idp_ca_file = (add_cfg->idp_ca_file ?
 add_cfg->idp_ca_file :
 base_cfg->idp_ca_file);
diff --git a/auth_mellon_diagnostics.c b/auth_mellon_diagnostics.c
index b23b4b0..896dc61 100644
--- a/auth_mellon_diagnostics.c
+++ b/auth_mellon_diagnostics.c
@@ -501,8 +501,6 @@ am_diag_log_dir_cfg(request_rec *r, int level, am_dir_cfg_rec *cfg,
 "MellonSPPrivateKeyFile (sp_private_key_file):");
 am_diag_log_file_data(r, level+1, cfg->sp_cert_file,
 "MellonSPCertFile (sp_cert_file):");
- am_diag_log_file_data(r, level+1, cfg->idp_public_key_file,
- "MellonIdPPublicKeyFile (idp_public_key_file):");
 am_diag_log_file_data(r, level+1, cfg->idp_ca_file,
 "MellonIdPCAFile (idp_ca_file):");
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 1ba6bcc..3e0bf57 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -322,9 +322,8 @@ static LassoServer *am_get_lasso_server(request_rec *r)
 if (am_server_add_providers(cfg, r) == 0) {
 AM_LOG_RERROR(APLOG_MARK, APLOG_ERR, 0, r,
 "Error adding IdP to lasso server object. Please"
- " verify the following configuration directives:"
- " MellonIdPMetadataFile and"
- " MellonIdPPublicKeyFile.");
+ " verify the following configuration directive:"
+ " MellonIdPMetadataFile.");
 lasso_server_destroy(cfg->server);
 cfg->server = NULL;
diff --git a/doc/user_guide/mellon_user_guide.adoc b/doc/user_guide/mellon_user_guide.adoc
index 93bfdcd..ff050e6 100644
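Review bot: The rewritten message in the `AM_LOG_RERROR` call of the `auth_mellon_handler.c` hunk names only `MellonIdPMetadataFile`, while the README context in this patch also shows `MellonIdPMetadataGlob` and `MellonIdPCAFile` as IdP-related directives. `am_server_add_providers` is not visible here, so whether those inputs can cause this failure is an assumption to confirm. If they can, the text could read `" verify the following configuration directives:"` followed by `" MellonIdPMetadataFile, MellonIdPMetadataGlob and MellonIdPCAFile."`, so the log points at every setting that feeds IdP trust. `am_get_lasso_server` continues outside the hunk.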
--- a/doc/user_guide/mellon_user_guide.adoc
+++ b/doc/user_guide/mellon_user_guide.adoc
@@ -3523,8 +3523,6 @@ Mellon Directory Configuration for URL: /saml-test/protected.html
 XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
 YK53b9Bhr0TpIOKetFY68kQ=
 -----END CERTIFICATE-----
- MellonIdPPublicKeyFile (idp_public_key_file):
- file_data: NULL
 MellonIdPCAFile (idp_ca_file):
 file_data: NULL
 MellonIdPMetadataFile (idp_metadata): 1 items
@@ -3922,8 +3920,6 @@ Mellon Directory Configuration for URL: /mellon/login
 XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
 YK53b9Bhr0TpIOKetFY68kQ=
 -----END CERTIFICATE-----
- MellonIdPPublicKeyFile (idp_public_key_file):
- file_data: NULL
 MellonIdPCAFile (idp_ca_file):
 file_data: NULL
 MellonIdPMetadataFile (idp_metadata): 1 items
@@ -4330,8 +4326,6 @@ Mellon Directory Configuration for URL: /mellon/postResponse
 XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
 YK53b9Bhr0TpIOKetFY68kQ=
 -----END CERTIFICATE-----
- MellonIdPPublicKeyFile (idp_public_key_file):
- file_data: NULL
 MellonIdPCAFile (idp_ca_file):
 file_data: NULL
 MellonIdPMetadataFile (idp_metadata): 1 items
@@ -4822,8 +4816,6 @@ Mellon Directory Configuration for URL: /saml-test/protected.html
 XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
 YK53b9Bhr0TpIOKetFY68kQ=
 -----END CERTIFICATE-----
- MellonIdPPublicKeyFile (idp_public_key_file):
- file_data: NULL
 MellonIdPCAFile (idp_ca_file):
 file_data: NULL
 MellonIdPMetadataFile (idp_metadata): 1 items
@@ -5107,8 +5099,6 @@ Mellon Directory Configuration for URL: /favicon.ico
 XotXjsiL1KtqNW1k/oVtLwNP0trqqh9npWV+R3pDTckxIHQhOvs5VqQZANViH6mp
 YK53b9Bhr0TpIOKetFY68kQ=
 -----END CERTIFICATE-----
- MellonIdPPublicKeyFile (idp_public_key_file):
- file_data: NULL
 MellonIdPCAFile (idp_ca_file):
 file_data: NULL
 MellonIdPMetadataFile (idp_metadata): 1 items